We’ve upgraded the ability to investigate all entities mentioned in a result set by using the table view. Displayed in a left-side panel are all of the entities mentioned in events matching a user’s query. These entities are organized by category and arranged from most to least referenced.

Our upgraded table view makes it easy for users to sift through large result sets to quickly identify the presence of interesting entities like companies, malware, technical cyber details, and locations.

The above image is an example of the table view from this query seeking cyber attacks against technology companies during a week-long period. The company Apple is selected, which determines the event information displayed in the main panel, and a separate entity, phishing, is being moused over in the left drawer to see the total references.

Build Entity Watch Lists from the Table View

Aside from rapid identification of entities present in a result set, users can take advantage of this view to create robust watch lists for monitoring and further analysis. Below, we’ve identified a reportedly malicious IP address for monitoring and can add it directly to a watch list from the table view. Addition of entities to a list also be done in bulk.

Why add entities to a list? This is one of the most powerful ways to customize the analysis workspace to your domain. Lists of entities created by users are stored privately in their My Work area and are available for search, application tuning, and alerts.